A last name and username is required for each user created in WorkflowGen. By default, the LASTNAME field is mapped to the sn LDAP attributes.
It’s possible that you have some directory entries without LASTNAME, such as service accounts. To exclude those entries, add the following parameters to your LDAP query:
(&(objectCategory=person)(objectClass=user)(sn=*)(sAMAccountName=*))
sAMAccountName is also required to exclude directory entries without usernames.